>I'm trying to think of a way to intercept the login process, >and delete the bad file/program, so we can fis the systems.
I've been thinking about possible approaches. * Set up a MITM system to intercept the network processes used to authenticate a user during the login step. * U3 Switchblade * HID-based attack. Perhaps some USB driver is vulnerable. Windows also has some function keys that are active during the logon screen. At Blackhat. I was talking to Richard Rushing who was experimenting with HIDs, and he said he showed someone at Microsoft that these keys caused a screen to pop-up, even though the user was not logged in yet. They had to do with options for those with physical limitations. The person from Microsoft commented that this looked like a security issue (Irongeek - Note this). Anyhow - I'm looking for hints on approaches, and more ideas.... - Grym _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
